My curated awesome list of cybersecurity research, RE material, exploitation write-ups, and tools. https://t.co/6YgCLKcdUH #infosec

''Malware development trick 53: steal data via legit XBOX API. Simple C example.'' #infosec #pentest #redteam #blueteam https://t.co/eHB5l9cFQe

THC Release: 🎄Smallest SSHD backdoor🎄 - Does not add any new file - Survives apt-update - Does not use PAM or authorized_keys Just SSHD trickery....adds one line only. More at https://t.co/zVCLwmbXv2 👌

In early October 2025, Microsoft disrupted a Vanilla Tempest campaign by revoking over 200 certificates that the threat actor had fraudulently signed and used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware. We identified this

Lateral movement getting blocked by traditional methods? @werdhaihai just dropped research on a new lateral movement technique using Windows Installer Custom Action Server, complete with working BOF code.

🔒 Secure Bits 💡 Did you know 𝘆𝗼𝘂 𝗰𝗮𝗻 𝗵𝗶𝗱𝗲 𝗗𝗼𝗺𝗮𝗶𝗻 𝗔𝗱𝗺𝗶𝗻𝘀 from standard discovery—even from other admins? Active Directory is a “𝗿𝗲𝗮𝗱-𝗺𝗮𝗻𝘆” 𝗱𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘆 by design. But 𝗟𝗶𝘀𝘁 𝗢𝗯𝗷𝗲𝗰𝘁 𝗠𝗼𝗱𝗲 (𝗟𝗢𝗠) can change that. 🕵️‍♂️ Martin Handl

Active Directory hardening is free…outside of your time. Overall - PingCastle Passwords - FGPP, LAPS, Lithnet Permissions - ADeleg/ADeleginator Applocker - Applocker Inspector/Applocker gen ADCS - Locksmith Logon scripts - ScriptSentry GPO - GPOZaurr Baselines - CIS/Microsoft

Great resource by @lazarusholic listing DPRK linked threat actors and related threat reports 👌 https://t.co/cSSunBa5bo

I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MSSQL attack paths using the new OpenGraph feature for 8.0!. Let me know what you find with it! - https://t.co/Hh089SaVOS - https://t.co/geO0HXTykf

🔴 Red and blue teams, this one's for you. 🔵 LudusHound bridges BloodHound Attack Paths with lab automation by creating a functional Active Directory replica testing environment. Read @bagelByt3s blog post for more. https://t.co/YOGMEQ8upC

A cool recon trick to find more targets is to check out CSP policies for juicy assets. csprecon can do this for you 👉 https://t.co/FRWS3ImxPF

Google docs now supports export as markdown! This was probably done for LLM's benefit, but it's perfect for regexing into clean, minimalist HTML:

DLL Side-loading and Hijacking — Using Threat Intelligence to Weaponize R and D https://t.co/yJOHmqfWLI

New research from our #ElasticSecurityLabs team: we dive into how infostealers are leveraging a stolen Shellter evasion tool to deploy data-stealing malware. Learn more & get our unpacker: https://t.co/7IvybAvyuL #malware #rhadamanthys #ghostpulse

Azure Arc is Microsoft's solution for managing on-premises systems in hybrid environments. My new blog covers how it can it be identified in an enterprise and misconfigurations that could allow it to be used for out-of-band execution and persistence.

How to find the Entra ID sync server - A new NetExec module🔎 Inspired by the great Entra ID talks at #Troopers25, I looked into how to find the Entra ID sync server. Results: The description of the MSOL account, as well as the ADSyncMSA service account reference this server🚀

Credentials access via Shadow Snapshots, WMI and SMB, all done remotely. Technique implemented inside impacket framework accompanied with detection automation utilizing ETW providers: Microsoft-Windows-WMI-Activity + Microsoft-Windows-SMBServer. A technique developed by Peter

Mini Writeup of CVE-2025-6554. POC by @DarkNavyOrg. All errors in writeup my own. https://t.co/tvzW9t76O5

I built a defensive scanner. They used it for privilege escalation. Somewhere, a red teamer is smiling. 😄 https://t.co/QchUrBMaha

Including nice tool release 🔥 https://t.co/4v2osVGTfA